Security incident correlation method and device as well as network server

A security event correlation analysis technology, applied in the network field, that addresses problems such as slow matching, the inability to match in real time and the inability to recognise normal behaviour that produces false alarms, thereby achieving fast processing.

Inactive Publication Date: 2010-04-21
HUAWEI DIGITAL TECH (CHENGDU) CO LTD



Embodiment Construction

[0021] The technical solutions of the embodiments of the present invention will be described in further detail below with reference to the drawings and embodiments.

[0022] Figure 1 is a flowchart of a security event correlation method according to an embodiment of the present invention. As shown in Figure 1, this embodiment specifically includes the following steps:

[0023] Step 101: when a new alarm is received, convert the new alarm into a fact;

[0024] Step 102: in the preset rule base, select all the rules related to the fact to form a rule set;

[0025] Step 103: query the rules in the rule set, and when it is found that all the facts contained in a rule of the rule set have occurred, obtain the security event according to that rule.

[0026] Specifically, the rules in the rule set can be queried in a set order.

[0027] The above steps are performed in an online mode, wherein the preset rule base is configured in an offline or online mode, and...
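The three steps above, and the abstract's restatement of the same method, as a small correlation engine. This is an added example written for this page, not the patent's own implementation; the fact encoding (alarm type, target host), the per-host grouping, the one-event-per-host deduplication, and the rule and alarm contents are assumptions made here.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    event: str            # security event reported when the rule fires
    facts: frozenset      # alarm types that must all have occurred on one host
    priority: int = 0     # the "set order" in which related rules are queried

class Correlator:
    def __init__(self, rules):
        # Preset rule base indexed by fact, so step 102 is a single lookup.
        self.by_fact = defaultdict(list)
        for r in rules:
            for f in r.facts:
                self.by_fact[f].append(r)
        for related in self.by_fact.values():
            related.sort(key=lambda r: r.priority)
        self.occurred = defaultdict(set)   # host -> facts seen so far (no per-rule state)
        self.fired = set()                 # (event, host) pairs already reported
    @staticmethod
    def alarm_to_fact(alarm):
        """Step 101: reduce a raw alarm to the fact (alarm type, target host)."""
        return alarm["type"], alarm["dst"]
    def handle(self, alarm):
        kind, host = self.alarm_to_fact(alarm)
        self.occurred[host].add(kind)      # repeated alarms collapse into one fact
        events = []
        # Steps 102-103: query only the rules related to this fact, in set order;
        # a rule fires when every fact it lists has occurred on the same host.
        for rule in self.by_fact.get(kind, ()):
            if (rule.event, host) in self.fired:
                continue                   # assumption: report each event once per host
            if rule.facts <= self.occurred[host]:
                self.fired.add((rule.event, host))
                events.append((rule.event, host))
        return events

RULES = [  # constructed rule base
    Rule("multi_step_intrusion", frozenset({"port_scan", "brute_force", "new_admin_account"}), 1),
    Rule("credential_attack", frozenset({"brute_force", "new_admin_account"}), 2),
]
ALARMS = [  # constructed alarm stream: a three-step attack on one host, one alarm repeated
    {"type": "port_scan", "dst": "10.0.0.5"}, {"type": "port_scan", "dst": "10.0.0.5"},
    {"type": "brute_force", "dst": "10.0.0.5"}, {"type": "port_scan", "dst": "10.0.0.9"},
    {"type": "new_admin_account", "dst": "10.0.0.5"},
]
def run(alarms=ALARMS, rules=RULES):
    c = Correlator(rules)
    return [e for a in alarms for e in c.handle(a)]
```

Because the engine only stores which facts have occurred, the repeated port scan and the unrelated scan of 10.0.0.9 produce no events, and both rules fire only once the third fact arrives.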


Abstract

The embodiment of the invention relates to a security incident correlation method and device as well as a network server, wherein the method comprises the following steps: converting a new alarm into a fact when the new alarm is received; selecting all rules related to the fact from a preset rule base so as to form a rule set; sequentially querying the rules in the rule set and, when it is found that all facts included in a rule of the rule set have happened, obtaining a security incident according to that rule. In the embodiment of the invention, one fact corresponds to one rule set, so the security incident is obtained by querying whether all facts included in a rule of the rule set have happened, without recording any intermediate state, which achieves a higher processing speed and realises online real-time matching of security incidents.

Description

Technical field

[0001] The embodiments of the present invention relate to the network field, in particular to a security event correlation method, device and network server.

Background technique

[0002] The network plays an increasingly important role in people's daily life, and at the same time it has more and more applications in business. Network security is an important issue in network applications. In the network, the security event management platform is used to manage the alarm information reported by the alarm device. The following problems generally exist in the current security event management platform: failure to recognise normal behaviours, which causes false alarms; failure to recognise a single attack behaviour that triggers repeated alarms, from multiple alarms; failure to recognise complex attack behaviours composed of multiple steps. Due to these problems, a large number of log files and alarm information will be generated, so that the real attack information is ...


Application Information

IPC(8): H04L 29/06; H04L 9/00
Inventor: 王飞, 李金罡, 郭振强
Owner: HUAWEI DIGITAL TECH (CHENGDU) CO LTD